Guidelines to Limit Criminal Prosecutions of Filesharing Services

Benton Martin and Jeremiah Newhall.

The high-profile prosecution of popular cyberlocker Megaupload for criminal copyright infringement is the latest in a series of recent criminal prosecutions of online filesharing services.[1] According to prosecutors, Megaupload’s operators profiteered from infringing content by collecting advertising revenue and selling premium access to unlimited streaming of copyrighted media without a license from the copyright holders.[2] They also showed awareness of infringement, the government says, by joking in internal emails about helping pirates, financially rewarding uploaders of popular content even if they’d been caught infringing before, and instituting an “Abuse Tool” that merely hid infringing files while still allowing access to them.[3]

This new wave of prosecution raises important, unanswered questions about the scope and propriety of criminal enforcement actions against online services facilitating storage and sharing of digital files. In our view, “secondary” theories of infringement developed through civil copyright law also apply in the criminal context. With that understanding, we propose guidelines for prosecutors to limit prosecutions to theories of liability already established in appellate (primarily civil) cases, pursue only the most notorious infringers, and target those filesharing-service operators that openly and successfully defy civil enforcement actions.[4]

I.  Background on Criminal Sanctions for Filesharing Services

Criminal copyright law dates back to 1897, and liability for aiders and abettors goes back to 1909,[5] but criminal liability for so-called “secondary infringement” is a new development. Only in the last decade did the Supreme Court recognize the civil liability of filesharing services, in Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., which held that two Napster copycats, Grokster and Streamcast, could be on the hook for their users’ infringement, as long as their operators exhibited an intent to induce infringement.[6] That decision provoked further litigation over the extent that filesharing services could take advantage of the “safe harbor” provision in the Digital Millennium Copyright Act (DMCA) for Internet service providers that complied with takedown requests.[7] YouTube, for instance, successfully rebutted civil litigation from entertainment companies by arguing that it hadn’t been properly notified of infringing videos.[8]

After this civil theory of secondary liability was established, it didn’t take long for U.S. prosecutors to seek its application in the criminal context. These efforts began in 2010, as the United States targeted sites like NinjaVideo, an online database of infringing files, many of which are stored through Megaupload.[9] The government also pursued the operators of services providing embedded video of copyrighted television shows, though these prosecutions eventually stalled, in part because of lingering uncertainty about the liability of “social bookmarking” sites.[10] The government then turned its attention to Megaupload, charging the company and its operators with six different federal crimes ranging from aiding and abetting infringement to wire fraud. However, these charges hinge, in large part, on Megaupload’s operators being found guilty of “secondary” copyright infringement.

II.  Limiting Criminal Copyright Enforcement Against Filesharing Services

The Megaupload prosecution has spooked the tech community, which frets that, if the company is guilty of criminal copyright violations, many similar services may be as well. These concerns are compounded by the dire consequences of prosecution in this context: Although it has yet to be convicted, Megaupload has been shut down, its assets frozen, and its customers left unable to retrieve even lawfully stored data.

Not only would targeting every illegal filesharing service impose drastic sanctions, it would also be prohibitively difficult. Prosecuting filesharing services gives rise to unique challenges, including backlash from anticopyright advocates and difficulties in prosecuting infringers living overseas. Megaupload, for example, had headquarters in Hong Kong, operators in Europe and New Zealand, and, fatefully, some servers in the United States.

Given those concerns, prosecutors should save their powder for the worst offenders.[11] We thus propose three guidelines to limit prosecutions of filesharing services.

First, prosecutors should enforce criminal copyright law only in regard to theories of liability already established at the appellate level—especially in civil cases—to avoid untested criminal theories. This standard supports Megaupload’s prosecution, though perhaps not actions against embedded-video sites like TV Shack or Channel Surfing, where the law is more in flux. Some critics decry the idea of any criminal secondary liability as overextending Grokster,[12] but we think that the concept of “secondary” liability is embodied in 18 U.S.C. § 2, which covers “aiding and abetting.” Just as the 1909 Copyright Act allowed the targeting of theater managers assisting traveling performers infringing creative works,[13] section 2 allows the targeting of filesharing services assisting online infringement.

Some commentators speculate that services like Megaupload might avail themselves of the DMCA’s “safe harbor” as YouTube did.[14] But that provision says nothing about criminal sanctions. And the popular focus on the provision’s third of three elements—“notice and takedown” compliance—ignores that the first element is a lack of knowledge or awareness of infringing activity.[15] Satisfying this first element would necessarily defeat any criminal action: it is impossible to willfully infringe, as required for criminal copyright liability, without awareness of infringement. Because any willfulness defense will turn on the facts of individual cases, the availability of this defense should not bar criminal actions against filesharing services altogether.

Second, prosecutors should aim for prominent services like Megaupload. When indicted, Megaupload was the Internet’s 13th most-visited website, pulling in 4% of all Internet traffic with hundreds of millions of registered users and an average of 50 million daily visits.[16] This “big fish” factor is important because the lion’s share of filesharers are low-cost infringers, pirating 99-cent songs or $10 movies. So for many of these users, disrupting high-traffic sites is significantly likely to deter future illegal activities. A recent empirical study bolstered this theory, finding that digital revenues for movie studios increased by 6 to 10% in the wake of Megaupload’s shutdown.[17]

Third, criminal copyright enforcement should be saved for when civil enforcement is likely futile, as when a service’s operators egregiously disregard the law by scorning takedown notices and profiteering from blatant infringement. For example, the operators of the Pirate Bay posted and publicly ridiculed takedown complaints,[18] and Megaupload operators joked about “providing shipping services to pirates” and reposted links to infringing files after receiving takedown requests. Although imprisonment is not ideal, carrying with it the cost of running jails and the loss of wage-earners from the economy, a credible threat of prison may be the only effective approach to combating egregious disregard for copyright law. No doubt this is especially true for services that are able to absorb civil penalties as a cost of doing business, as Megaupload did with civil litigation against it by pornography company Perfect 10.[19]

III.  Benefits of Criminal Copyright Enforcement

Consistent with this last point, although we advocate for limited copyright prosecutions, we acknowledge the distinct benefits of criminal enforcement. First, extradition of overseas defendants, though difficult, is completely unavailable in civil cases. Second, because U.S. courts treat domain names as intangible property located wherever the domain-name registry or registrar is, and a Virginia company controls the registry for all .com and .net domain names, the federal government can shut down domain names through civil forfeiture, as it did by the hundreds in “Operation in Our Sites.”[20] (This technique wasn’t necessary with Megaupload as the company used a Washington-based registrar and ran 525 computer servers in Virginia.[21]) Third, as it did with Megaupload, the government can seize company assets, including servers with third-party data, on the basis that they were instruments or proceeds of criminal activity.[22] Finally, the government has the unique ability to collect evidence by search warrant, rather than subpoena. For example, based on the internal communications produced against Megaupload, technology journalists speculate that the government planted spyware to collect data from its operators’ local hard drives.[23] This information was unlikely to be discovered through civil process. Although government officials must comply with the Fourth Amendment, these protections are still being defined for the digital age.

Given these benefits, it’s curious that the government hasn’t prosecuted more U.S.-based services, like Florida’s Grooveshark, or other notorious foreign piracy sites, like China’s Baidu.[24] But it’s likely that federal prosecutors have concluded that it is not yet worth tackling the jurisdiction problems that would dog any prosecution of these foreign sites, and it would be inefficient to target Grooveshark now, as it’s still embroiled in litigation with music labels. It would also prevent the development of copyright law: civil cases are more likely to be litigated and develop precedent; criminal cases typically end in plea bargains. In our view, the existence of so many other infringing services also underscores the need for prosecutorial discretion: Prosecutors should file charges only when liability has been well-established in civil cases, evidence shows that infringers egregiously violated the copyright laws for profit, and civil enforcement efforts have been stymied.


Preferred citation: Benton Martin & Jeremiah Newhall, Guidelines to Limit Criminal Prosecutions of Filesharing Services, 30 Santa Clara High Tech. L. J. Online (2013),

* The Online Edition of the Santa Clara High Technology Law Journal is an independent scholarly legal publication founded in 1984 by the students of Santa Clara University School of Law.

[1] See, e.g., Timothy B. Lee, How the Criminalization of Copyright Threatens Innovation and the Rule of Lawin Copyright Unbalanced: From Incentive to Excess 55, 63-64 (Jerry Brito ed., 2012); Rob Fischer, A Ninja in Our Sites, The American Prospect, Dec. 15, 2011,

[2] See generally Superseding Indictment at 3, 6-7, United States v. Dotcom, No. 1:12-CR-3 (E.D. Va. Feb. 16, 2012), ECF No. 34 [hereinafter Indictment], available at

[3] Id. at 10–11, 32–33, 42.

[4] See Benton Martin & Jeremiah Newhall, Criminal Copyright Enforcement Against Filesharing Services, 15 N.C. J. L. & Tech. (forthcoming 2013), available at

[5] Miriam Bitton, Rethinking the Anti-Counterfeiting Trade Agreement’s Criminal Copyright Enforcement Measures, 102 J. Crim. L. & Criminology 67, 85 (2012); Note, Criminalization of Copyright Infringement in the Digital Era, 112 Harv. L. Rev. 1705, 1707 (1999).

[6] Metro-Goldwyn-Mayer Studios Inc. v. Grokster, Ltd., 545 U.S. 913, 932–33 (2005).

[7] See, e.g., Columbia Pictures Indus., Inc. v. Fung, 710 F.3d 1020, 1043 (9th Cir. 2013).

[8] Viacom Int’l, Inc. v. YouTube, Inc., 718 F. Supp. 2d 514 (S.D.N.Y. 2010). The Second Circuit affirmed the district court’s core legal analysis, but reversed on the basis that YouTube may have actually known some infringing videos. Viacom Int’l, Inc. v. YouTube, Inc., 676 F.3d 19, 33-34 (2d Cir. 2012).

[9] Lee, supra note 1, at 63-64; David Kravets, Megaupload Assisted U.S. Prosecution of Smaller File-Sharing Service, Wired, Jan. 20, 2012,

[10] See, e.g., Timothy B. Lee, UK TV Shack Admin Won’t Face Trial in US on Copyright Charges, Ars Technica Nov. 28, 2012,

[11] As the Attorney General recognizes, wise use of prosecutorial discretion is “essential to the fair, effective, and even-handed administration of the federal criminal laws.” Memorandum from Attorney  Eric Holder, Attorney General, U.S. Dep’t of Justice, to all federal prosecutors (May 19, 2010), available at Each office of the United States Attorney maintains written guidelines for exercising prosecutorial discretion. Id.

[12] See Lee, supra note 1, at 67-70 (arguing that secondary liability should not be extended in the criminal context because the doctrine has been fleshed out by the courts not Congress); Jennifer Granick, Megaupload: A Lot Less Guilty Than You Think, The Center for Internet and Society Blog (Jan. 26, 2012), (“But the first question from a defense perspective has to be ‘Can the Grokster theory of CIVIL liability even be the basis for CRIMINAL copyright claims?’ This has never been decided by any Court.”).

[13] I. Trotter Hardy, Criminal Copyright Infringement, 11 Wm. & Mary Bill Rts. J. 305, 315 (2002).

[14] See, e.g., Charles Graeber, 10 Days Inside the Mansion—and Mind—of Kim Dotcom, the Most Wanted Man on the Internet, Wired, Oct. 18, 2012,

[15] See 17 U.S.C. § 512(c).

[16]  See Indictmentsupra note 2, at 2-3.

[17] Brett Danaher & Michael D. Smith, Gone in 60 Seconds: The Impact of the Megaupload Shutdown on Movie Sales (Mar. 6, 2013), at 21, available at

[18] Stephen Bright, Current Development, The Current State of BitTorrent in International Law: Why Copyright Law is Ineffective and What Needs Change, 17 New Eng. J. Int’l & Comp. L. 265, 266 (2011).

[19] See Perfect 10, Inc. v. Megaupload, Ltd., No. 11-cv-0191 (S.D. Cal. July 26, 2011), ECF No. 16.

[20] See Mike Belleville, IP Wars: SOPA, PIPA, and the Fight Over Online Piracy, 26 Temp. Int’l & Comp. L.J. 303, 315 (2012); Jack Mellyn, “Reach Out and Touch Someone”: The Growing Use of Domain Name Seizure as a Vehicle for the Extraterritorial Enforcement of U.S. Law, 42 Geo. J. Int’l L. 1241, 1253-54 (2011); Andy Sellars, The In Rem Forfeiture of Copyright-Infringing Domain Names (May 8, 2011), at 32, available at

[21] David Kravets, Uncle Sam: If It Ends in .Com, It’s .Seizable, Wired, Mar. 6, 2012,

[22] Fed. R. Crim. P. 32; 18 U.S.C. § 2323; Lee, supra note 1, at 65–67.

[23] Greg Sandoval & Declan McCullagh, Feds: We Obtained MegaUpload Conversations with Search Warrant, CNET (Jan. 31, 2012),

[24] See Press Release, Senator Orrin Hatch (May 19, 2010), available at